Core Impact Threat Intelligence Exploits, Security and Penetration Testing Updates

Core Impact Threat Intelligence Exploits, Security and Penetration Testing Updates

When you buy Core Impact, we provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within Core Impact. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because Core Impact keeps you there.

Use the controls below to navigate Core Impact exploits and other modules.

Title Description Vulnerabilty Categorysort descending Platform
VMware VMCI Arbitrary Code Execution Vulnerability Exploit Using the VMWare VMCI Arbitrary Code Execution vulnerability it is possible run code in the host machine. This module sends a malformed message through hardware port to host exploiting the vmware-vmx.exe process and installing an agent. CVE-2008-2099 Exploits/Local Windows
Linux Kernel join_session_keyring Reference Counting Privilege Escalation Exploit The join_session_keyring() function in security/keys/process_keys.c in the Linux kernel is prone to a reference counter overflow that occurs when a process repeatedly tries to join an already existing keyring. This vulnerability can be leveraged by local unprivileged attackers to gain root privileges on the affected systems. CVE-2016-0728 Exploits/Local Linux
Linux Kernel libfutex Privilege Escalation Exploit This module exploits a vulnerability in the Linux Kernel. The futex_requeue function in kernel/futex.c in the Linux kernel does not ensure that calls have two different futex addresses, which allows local attackers to gain privileges via a crafted FUTEX_REQUEUE command. CVE-2014-3153 Exploits/Local Linux
FreeBSD mmap ptrace Privilege Escalation Exploit This module exploits a vulnerability in FreeBSD. The FreeBSD virtual memory system allows files to be memory-mapped. All or parts of a file can be made available to a process via its address space. The process can then access the file using memory operations rather than filesystem I/O calls. Due to insufficient permission checks in the virtual memory system, a tracing process (such as a debugger) may be able to modify portions of the traced process's address space to which the traced process itself does not have write access. CVE-2013-2171 Exploits/Local FreeBSD
Microsoft Windows CreateWindow Function Callback Exploit (MS10-032) This module exploits a vulnerability in win32k.sys when a "window" is created. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2010-0485 Exploits/Local Windows
Microsoft Windows OpenType Font Driver Vulnerability Exploit (MS15-078) Update 3 This module exploits a vulnerability in "atmfd.dll" Windows driver by loading a crafted OTF font. This update adds support to "Low Integrity Level" bypass for "Windows 8.1" 32 bits by using a kernel memory leak (CVE-2015-2433). CVE-2015-2426 Exploits/Local Windows
Microsoft Windows WPAD Elevation of Privilege Exploit (MS16-077) An elevation of privilege vulnerability exists in Microsoft Windows when the Web Proxy Auto Discovery (WPAD) protocol falls back to a vulnerable proxy discovery process. An attacker who successfully exploited this vulnerability could bypass security and gain elevated privileges on a targeted system. CVE-2016-3213 Exploits/Local Windows
Sun SunScreen Firewall Privilege Escalation Exploit The SunScreen Firewall is prone to a vulnerability that allows the execution of arbitrary commands as the root user. This module exploits the vulnerability and installs an agent with root privileges. CVE-2011-0902 Exploits/Local Solaris
Microsoft Windows MRXDAV.SYS WebDav Privilege Escalation Exploit (MS16-016) This module exploits a vulnerability in Microsoft Windows MRXDAV.SYS driver. This vulnerability allows a local attacker to execute arbitrary code with SYSTEM privileges in a vulnerable target. CVE-2016-0051 Exploits/Local Windows
Microsoft Internet Explorer IESetProtectedModeRegKeyOnly Protected Mode Escape Exploit (MS13-097) The IESetProtectedModeRegKeyOnly() function in the ieframe.dll library of Microsoft Internet Explorer calls the RegCreateKeyEx registry function when running with Medium Integrity Level over a registry key that is writable by a sandboxed IE instance. This can be abused to overwrite IE's Elevation Policy by creating symbolic links in the Windows Registry in order to escape from the Internet Explorer Protected Mode sandbox. This module allows an agent running in the context of iexplore.exe with Low Integrity Level/AppContainer Integrity Level to escalate privileges in order to install a new agent that will run with Medium Integrity Level. CVE-2013-5045 Exploits/Local Windows
Microsoft Windows Win32k Keyboard Layout Vulnerability Exploit (MS12-034) Update 4 This update adds support to Microsoft Windows Vista and Microsoft Windows 7 ( only DoS ). This module exploits a Windows kernel vulnerability by loading a fake keyboard layout through a call to "NtUserLoadKeyboardLayoutEx" function with crafted parameters. When the keyboard layout is processed by win32k.sys, it produces a kernel heap memory corruption. CVE-2012-0181 Exploits/Local Windows
Mac OS X pppd Plugin Loading Privilege Escalation Exploit The PPP daemon (pppd) in Apple Mac OS X 10.4.8 checks ownership of the stdin file descriptor to determine if the invoker has sufficient privileges, which allows local users to load arbitrary plugins and gain root privileges by bypassing this check. CVE-2007-0752 Exploits/Local Mac OS X
Windows Shell Hardware Detection exploit This module exploits a vulnerability in the 'detection and registration of new hardware' function of the Windows Shell; the vulnerability is exposed by a parameter that is not properly validated. The exploit allows a local user to escalate their privileges on a compromised Windows XP or Windows 2003 system. CVE-2007-0211 Exploits/Local Windows
FreeBSD mount Local Privilege Escalation Exploit Update FreeBSD is prone to multiple stack-based buffer-overflow vulnerabilities because the kernel fails to perform adequate boundary checks on user-supplied data. If the system is configured to allow unprivileged users to mount file systems, it is possible for a local adversary to exploit this vulnerability and execute code in the context of the kernel. This update fixs some issues and adds validations pre-explotation. CVE-2008-3531 Exploits/Local FreeBSD
Linux vixie-cron exploit do_command.c in Vixie cron (vixie-cron) 4.1 does not check the return code of a setuid call, which might allow local users to gain root privileges if setuid fails in cases such as PAM failures or resource limits, as originally demonstrated by a program that exceeds the process limits as defined in /etc/security/limits.conf CVE-2006-2607 Exploits/Local Linux
Linux Overlayfs ovl_setattr Local Privilege Escalation Exploit This module exploits a vulnerability in Linux. The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel through 4.3.3 attempts to merge distinct setattr operations, which allows local users to bypass intended access restrictions and modify the attributes of arbitrary overlay files via a crafted application. CVE-2015-8660 Exploits/Local Linux
Trend Micro TMTDI.SYS Privilege Escalation Exploit Update This module exploits a privilege escalation vulnerability in the tmtdi.sys driver of Trend Micro Titanium Maximum Security and OfficeScan products. The vulnerable driver trusts a dword passed from user mode via IOCTL 0x220404, and interprets it as a function pointer without performing validations. This vulnerability allows unprivileged local users to execute code with SYSTEM privileges. This update adds support for the Trend Micro OfficeScan product, as well as support for Windows Server 2003 and Windows Server 2008 platforms. NOCVE-9999-45910 Exploits/Local Windows
Microsoft Windows Win32k Buffer Overflow Exploit (MS13-046) This module exploits a vulnerability in Windows kernel calling to "DisplayConfigGetDeviceInfo" function with crafted parameters. CVE-2013-1333 Exploits/Local Windows
NVIDIA DxgDdiEscape Handler Privilege Escalation Exploit NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape ID 0x600000D where a value passed from a user to the driver is used without validation leading to escalation of privileges. CVE-2016-7387 Exploits/Local Windows
Microsoft Windows Win32k Privilege Escalation Exploit(MS15-010) win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges or cause a denial of service (NULL pointer dereference) via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." CVE-2015-0003 Exploits/Local Windows
Microsoft Windows Task Scheduler Service Privilege Escalation Exploit This module exploits a privilege escalation vulnerability in the Microsoft Windows Task Scheduler Service. This vulnerability is currently exploited by the Stuxnet malware. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2010-3338 Exploits/Local Windows
Microsoft Windows NDProxy DeviceIoControl Vulnerability Exploit This module exploits a vulnerability in Windows kernel ("ndproxy.sys" driver) by calling to the "DeviceIoControl" function with crafted parameters. CVE-2013-5065 Exploits/Local Windows
Linux NVIDIA exploit The NVIDIA Binary Graphics Driver for Linux is vulnerable to a buffer overflow that allows an attacker to run arbitrary code as root. CVE-2006-5379 Exploits/Local none
Linux Kernel CONFIG_BPF_SYSCALL Local Privilege Escalation Exploit This module exploits a user-after-free vulnerability in the Linux Kernel. When bpf(BPF_PROG_LOAD, ...) was invoked with a BPF program whose bytecode references a non-map file descriptor as a map file descriptor, the error handling code called fdput() twice instead of once (in __bpf_map_get() and in replace_map_fd_with_map_ptr()). If the file descriptor table of the current task is shared, this causes f_count to be decremented too much, allowing the struct file to be freed while it is still in use (use-after-free). This can be exploited to gain root privileges by an unprivileged user. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. NOCVE-9999-74975 Exploits/Local Linux
Sun xVM VirtualBox Exploit This module exploits a local privilege escalation vulnerability in certain packages shipped with Sun xVM VirtualBox for the Linux platform. CVE-2009-0876 Exploits/Local Linux
Linux Kernel Ext4 Move Extents IOCTL Privilege Escalation Exploit Linux kernel is prone to a local privilege-escalation vulnerability because the software fails to verify access permissions. A local user can invoke the Ext4 'move extents' ioctl call, with certain options to execute arbitrary code and gain privileged access. Successful exploits will result in the complete compromise of affected computers. CVE-2009-4131 Exploits/Local Linux
Microsoft Windows CreateWindow Function Callback Exploit (MS10-032) Update This update improves the exploit reliability and adds support to Windows XP SP2. This module exploits a vulnerability in win32k.sys when a "window" is created. CVE-2010-0485 Exploits/Local Windows
Sparklabs Viscosity Config Path Privilege Escalation Viscosity for Windows suffers from a privilege escalation vulnerability. By abusing the named pipe configuration channel between the client and the underlying service, a local attacker can gain SYSTEM privileges. NOCVE-9999-84440 Exploits/Local Windows
Microsoft Windows Win32k SetParent Null Pointer Dereference Exploit (MS15-135) This module exploits a vulnerability in win32k.sys by calling to SetParent function with crafted parameters. CVE-2015-6171 Exploits/Local Windows
Panda Global Protection AppFlt.sys Privilege Escalation Exploit This module exploits a memory corruption vulnerability in the AppFlt.sys driver of Panda Global Protection when handling a specially crafted IOCTL request. This vulnerability allows unprivileged local users to execute code with SYSTEM privileges. NOCVE-9999-46949 Exploits/Local Windows